Federal prosecutors on Wednesday charged six Estonian men and one Russian man with orchestrating a vast Internet scam that involved infecting more than 4 million computers around the globe with malicious software and collecting money from online advertisements.
The prosecutors said the scheme involved duping computer owners into downloading malicious software, or malware, that would hijack Internet searches and replace standard online ads with ones that the defendants could profit from.
Searches for terms like “IRS” and “iTunes” on an infected computer would send the user to sites that would pay the scammers a referral fee, prosecutors said. The scheme brought in at least $14 million over a period of five years, they said.
“On a mass scale, this gave new meaning to the term false advertising,” said Preet Bharara, the United States attorney for the Southern District of New York, during a news conference in Manhattan.
The malware also blocked the installation of anti-virus software and operating system updates on infected computers, rendering them unable to counter the malicious software and leaving them vulnerable to other attacks from computer viruses.
Nearly 500,000 of the infected machines were in the United States. Mr. Bharara said the plot first came to light after computers at the National Aeronautics and Space Administration were infected, setting off suspicion. Officials then worked with computer security teams to unearth the plot and trace the origin of the infections.
Mr. Bharara said that the rogue servers that allowed the hackers to conduct their fraud were located in New York and Chicago. As of Wednesday morning, officials said that all of the known rogue computers and servers had been disconnected and that government officials in Estonia had apprehended six of the suspects; one remains at large. The United States Attorneys Office plans to extradite the defendants to the United States.
Mr. Bharara said the case reflected the complex and growing threat of crimes and scams perpetrated on the Web.
“The modern high-tech heist does not require any longer a gun, a mask, a note or a getaway car.It requires only the Internet and ingenuity, and can be accomplished in the blink of an eye and the click of a mouse, and at a distance of thousands of miles,” he said. “What we see in cases like today’s is likely just the tip of the Internet iceberg,” Mr. Bharara added.